From fcd3995f64f5dfc6a4c2c059cc22a2fef1e81225 Mon Sep 17 00:00:00 2001 From: Milos Stojanovic Date: Tue, 24 May 2022 13:08:43 +0200 Subject: [PATCH] regenerate session on user update --- backend/Services/Auth/Adapters/JsonFile.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/Services/Auth/Adapters/JsonFile.php b/backend/Services/Auth/Adapters/JsonFile.php index b9c38a35..af16d508 100644 --- a/backend/Services/Auth/Adapters/JsonFile.php +++ b/backend/Services/Auth/Adapters/JsonFile.php @@ -53,7 +53,7 @@ public function user(): ?User if ($user) { foreach ($this->getUsers() as $u) { - if ($u['username'] == $user->getUsername() && $hash == $u['password']) { + if ($u['username'] == $user->getUsername() && $hash == $u['password'].$u['permissions'].$u['homedir'].$u['role']) { return $user; } } @@ -70,7 +70,7 @@ public function authenticate($username, $password): bool if ($u['username'] == $username && $this->verifyPassword($password, $u['password'])) { $user = $this->mapToUserObject($u); $this->store($user); - $this->session->set(self::SESSION_HASH, $u['password']); + $this->session->set(self::SESSION_HASH, $u['password'].$u['permissions'].$u['homedir'].$u['role']); return true; }